When it comes to security hardware, small businesses are getting a heck of a lot for their money these days, and not just from the established names either. This particular security box of tricks, the BiGuard S10, comes from a Far-Eastern company we’d not heard of before, Billion Electric, based out of Taiwan. Brand name companies be warned – you have some competition here.
Plug in broadband in its single WAN port at one end of the S10, and the network into one or more of its four 10/100 Ethernet ports at the other, and you have an all-in-one security gateway comprising an SSL VPN server, with integrated router and firewalling. Without wanting to blow a good punchline too early, the S10 doesn’t stand out for its spec sheet, decent though that is, but more for the sub-£300 street price it is being sold at.
Whether it suits a particular company will depend on the size of network plugging into it, and the degree to which they need remote access. The S10 is rated for 10-50 employees, while a failover version with dual-WAN ports, the S20, claims to be able to juggle up to 200 of the same. The number of concurrent SSL connections – the most important statistic on an SSL box - is quoted as 10, so use this as the measure.
Is that enough? For a small company, the answer is probably “yes”, but the chances are that the VPN load will go up over time, so the BiGuard could look a bit silly in short order. If there is any chance of that happening then go for the more featured version, or get a standalone VPN box from someone else.
There is also the question of whether buying a VPN gateway with the firewall and router attached is the right way to go in the first place – today they tend to be separate. There is no definitive answer to this question, but the integration of features into single appliances looks inevitable for small business security because it is the only way capital and management cost can be reduced. In that sense at least, the S10 is ahead of most of its rivals for now.
It’ll talk PPoE to the ISP in question, or can be hooked up with a static IP address, depending on the network configuration in question. For simplicity, we tested it on the other side of a separate PPoA router and ADSL access device, with the DHCP client turned on, not the way it would most likely be used.
The web configuration is fairly straightforward, and uses a series of stacked menus. The core of it is the SSL VPN interface, which lets the admin customise the log-in interface, and set up authentication either using an internal database or using external RADIUS or LDAP servers if such a thing exists. A strong point is the customisable SSL portal login, underpinned by a number of remote management tools. Described as ‘Transport Extender’ and ‘Network Extender’ – these smooth the remote use of internal applications and specify how remote users interact with the network itself. Which is used will depend on a number of factors including the level of configuration desired at the web client end. There is also an application proxy to enable terminal services, Telnet and SSH, and FTP/HTTP/HTTPS.
We did notice that accessing the portal didn’t seem happy with Mozilla 2.0 – presumably this has been fixed in a recent firmware update.
Firewalls can be a bit perfunctory these days. Everyone appears to have much the same features, especially at the lower end of the scale. This one is no different. You get the usual SPI, with vanilla intrusion detection and DoS prevention, of which we’d have liked more detail. Content and URL filtering is there if it is needed while ActiveX and Java applets can be blocked. Having said that, the creation of security and user policies is quite nicely done.
Quality of Service
An important part of an SSL VPN is quality of service controls, something that is critical to ensuring the whole box doesn’t become snarled up with applications gone haywire. This is enacted by creating rules for certain types of applications (VoIP, FTP, etc), specifying when traffic shaping should kick in to prevent bottlenecking. Once the SSL side of things has been configured, this element of the box should be the second port of call and is a very easy to use.
There is nothing about the Billion BiGuard S10 amazes, other than that it has arrived out of the blue at a good moment. It would be unfair to say it speaks of its Asian box-shifting roots because its rivals are made in the same territory anyway, but it is the low cost that is its main USP. The low-entry level doesn’t entirely convince, and it can’t be upgraded in any obvious way, so it’s really for small companies without demanding users or applications. On the whole, we’d be inclined to recommend the model one up, the S20 (not available yet in the UK), for its greater capacity and processing power.
All in all though, everything is there, and some of it is quite grown up for its price range. Don’t be deceived by its demure looks, which are not that far removed the heap of low-cost routers that line the shelves of PC World. This is a step up from that. It has good QoS, and well-implemented SSL VNP capability.
We’d have liked more resilience, a more featured firewall, a more convincing level of capacity, and perhaps some expandability for an all-in-one box. This is no UTM though it looks the part at times.
Firmware upgrade (October 20 2006) available here.
UK Supplier: Broadband Buyer
An SSL VPN is not something to toy with, and will require an experienced security pro to configure and manage. That's the price you pay for the joy of remote application access, but ti could be worth it nonetheless. The biggest issue, other than management, is really capacity. Will the chosen product deal with the number of concurrent users while offering sufficient traffic-shaping to stop bottlenecking?